1

Topic: Which FTP server do you use for virtual domain/user hosting?

Hi, all.

We are trying to integrate an FTP server with the iRedMail LDAP solution; please tell us which FTP server you use/prefer for virtual domain hosting.

Update:

  • Integrated pure-ftpd-1.0.21 with iRedMail-0.5.0 (-current). Use existing mail users as FTP users, with a separate FTP data base directory such as /home/ftp or whatever you want, but it can't be the same as the mail storage base directory. Document is ready. 2009.06.07

2

Re: Which FTP server do you use for virtual domain/user hosting?

We will release a doc for iRedMail(LDAP) & PureFTPd integration these days.

3

Re: Which FTP server do you use for virtual domain/user hosting?

Hi,
I prefer PureFTPd. It works with sqlAuth without problems for me.

But I don't need FTP on a (dedicated) mail server - just Postfix, Dovecot, ClamAV, Amavis, SpamAssassin or daemons like Razor or DCC should be running on it.

MySQL is running on a centralized auth server (pureFTPd, Apache with sqlAuth and Postfix/Dovecot);
Webmail comes from a dedicated webserver.

4

Re: Which FTP server do you use for virtual domain/user hosting?

The integration tutorial is published on HowtoForge:
http://howtoforge.com/virtual-mail-and- … -pure-ftpd

5 (edited by lmthong 2009-09-22 18:41:59)

Re: Which FTP server do you use for virtual domain/user hosting?

After following the HowtoForge tutorial exactly, I could not log in to pure-ftpd-ldap with my current virtual Postfix account. It says login authentication failed. I used Ubuntu 9.04 Server.

By the way, the configuration of pure-ftpd-ldap in Ubuntu 9.04 is very different from CentOS or RH. We have no /etc/pure-ftpd/pure-ftpd.conf and /etc/pure-ftpd/pureftpd-ldap.conf.

You'll install pure-ftpd-ldap by

apt-get install pure-ftpd-ldap

The 1st configuration file is replaced with /etc/pure-ftpd/conf/CreateHomeDir, just do like this to set "CreateHomeDir   yes"

 echo yes >/etc/pure-ftpd/conf/CreateHomeDir 

The 2nd one is replaced with /etc/pure-ftpd/db/ldap.conf, do the others like howtoforge.

Finally, I found there is no ftp account (with uid=1000, gid=1000) to start the pure-ftpd-ldap daemon. The system always uses " ... -u 1000 ..." when you do "/etc/init.d/pure-ftpd-ldap start". I tried creating that ftp account (by usermod -o -uid 1000 -gid 1000) but it made no difference.

How can I insert the PureFTP attributes in iredadmin or do a batch job? I want the FTP info to be inserted when creating a new email account. It would be perfect if you added an option in iredadmin (not copying from an existing account).

Wait for your help.

Thanks.

6

Re: Which FTP server do you use for virtual domain/user hosting?

lmthong wrote:

How can I insert the PureFTP attributes in iredadmin or do a batch job? I want the FTP info to be inserted when creating a new email account. It would be perfect if you added an option in iredadmin (not copying from an existing account).

We already integrate pure-ftpd account info in iRedMail-x.y.z/tools/create_mail_user_OpenLDAP.sh.

For example, you can find below info in create_mail_user_OpenLDAP.sh:

# ------------------------------------------------------------------
# -------------------- Pure-FTPd Integration -----------------------
# ------------------------------------------------------------------
# Add objectClass and attributes for pure-ftpd integration.
# Note: You must include pureftpd.schema in OpenLDAP slapd.conf first.
PUREFTPD_INTEGRATION='NO'
FTP_STORAGE_BASE_DIRECTORY='/home/ftp'

Set 'PUREFTPD_INTEGRATION' to 'YES', and then new users created with this script will include FTP related objectclass and attributes.

7

Re: Which FTP server do you use for virtual domain/user hosting?

ZhangHuangbin wrote:

We already integrate pure-ftpd account info in iRedMail-x.y.z/tools/create_mail_user_OpenLDAP.sh.

Set 'PUREFTPD_INTEGRATION' to 'YES', and then new users created with this script will include FTP related objectclass and attributes.

I mean through iredadmin.

How about my pure-ftpd-ldap, please!

root@serv:~# lftp localhost
lftp localhost:~> debug 4
lftp localhost:~> login user1@lmthong.local 123456
lftp user1@lmthong.local@localhost:~> ls
---- Connecting to localhost (::1) port 21
<--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
<--- 220-You are user number 1 of 50 allowed.
<--- 220-Local time is now 22:46. Server port: 21.
<--- 220-This is a private system - No anonymous login
<--- 220 You will be disconnected after 15 minutes of inactivity.
<--- 211-Extensions supported:
<---  EPRT
<---  IDLE
<---  MDTM
<---  SIZE
<---  REST STREAM
<---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<---  MLSD
<---  TVFS
<---  ESTP
<---  PASV
<---  EPSV
<---  SPSV
<---  ESTA
<---  AUTH TLS
<---  PBSZ
<---  PROT
<---  UTF8
<--- 211 End.
<--- 500 This security scheme is not implemented
<--- 200 OK, UTF-8 enabled
<--- 200  MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
<--- 331 User user1@lmthong.local OK. Password required
<--- 530 Login authentication failed
ls: Login failed: 530 Login authentication failed
<--- 530 You aren't logged in
<--- 221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
<--- 221 Logout.

and here is my /etc/pure-ftpd/db/ldap.conf

LDAPServer localhost
LDAPPort 389
LDAPBaseDN o=domains,dc=core,dc=local
LDAPBindDN cn=vmail,dc=core,dc=local
LDAPBindPW GZsHWof6Tlz2aBv9y6PJO8iuuZgp9d #cn=vmail password in file /etc/postfix/ldap_virtual_mailbox_domains.cf --> 123456
LDAPDefaultUID 1001      # <- UID of 'vmail' user, in file /etc/passwd
LDAPDefaultGID 1001      # <- GID of 'vmail' user, in file /etc/passwd
LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
LDAPHomeDir FTPHomeDir  #
LDAPVersion 3

Pureftpd schema added, user1 PureFTP attributes added, firewall opened, /home/ftp/ made,... but login still fails.

8

Re: Which FTP server do you use for virtual domain/user hosting?

You need to view the log.

Enable the LDAP and pureftpd logs.

http://howtoforge.com/virtual-mail-and- … re-ftpd-p2
9 Troubleshooting

9

Re: Which FTP server do you use for virtual domain/user hosting?

Yes, you should check pureftpd log file.

And I think the error was caused by incorrect permissions on /home/ftp/; it can't create the FTP home directory for the user.

10 (edited by lmthong 2009-09-24 12:56:03)

Re: Which FTP server do you use for virtual domain/user hosting?

#/etc/init.d/pure-ftpd-ldap restart
Restarting ftp server: Running: /usr/sbin/pure-ftpd-ldap -l ldap:/etc/pure-ftpd/db/ldap.conf -l pam -O clf:/var/log/pure-ftpd/transfer.log -E -d -u 1000 -j -B

# ls -dal /home/ftp
drwxrwxrwx 2 root root 4096 2009-09-24 11:36 /home/ftp

#cat /var/log/pureftpd.log
Sep 24 11:53:08 serv pure-ftpd: (?@localhost.localdomain) [INFO] New connection from localhost.localdomain
Sep 24 11:53:15 serv pure-ftpd: (?@localhost.localdomain) [DEBUG] Command [user] [user1@lmthong.local]
Sep 24 11:53:17 serv pure-ftpd: (?@localhost.localdomain) [DEBUG] Command [pass] [<*>]
Sep 24 11:53:17 serv pure-ftpd: (?@localhost.localdomain) [INFO] PAM_RHOST enabled. Getting the peer address
Sep 24 11:53:19 serv pure-ftpd: (?@localhost.localdomain) [WARNING] Authentication failed for user [user1@lmthong.local]
Sep 24 11:53:24 serv pure-ftpd: (?@localhost.localdomain) [DEBUG] Command [syst] []
Sep 24 11:53:25 serv pure-ftpd: (?@localhost.localdomain) [DEBUG] Command [quit] []
Sep 24 11:53:25 serv pure-ftpd: (?@localhost.localdomain) [INFO] Logout.

#cat /var/log/openldap.log
Sep 24 11:53:17 serv slapd[6364]: conn=0 fd=15 ACCEPT from IP=[::1]:52601 (IP=[::]:389)
Sep 24 11:53:17 serv slapd[6364]: conn=0 op=0 BIND dn="cn=vmail,dc=core,dc=local" method=128
Sep 24 11:53:17 serv slapd[6364]: conn=0 op=0 RESULT tag=97 err=49 text=
Sep 24 11:53:25 serv slapd[6364]: conn=0 fd=15 closed (connection lost)

I did try creating the home dir for user1 (/home/ftp/lmthong.local/user1) but it made no difference.

11

Re: Which FTP server do you use for virtual domain/user hosting?

Could you please post openldap log with 'loglevel 256'?

12 (edited by lmthong 2009-09-25 09:01:00)

Re: Which FTP server do you use for virtual domain/user hosting?

Could you please post openldap log with 'loglevel 256'?

Sorry, but I already set loglevel 256. If it's not that log, where can I find it? (all log files are in the default dir)
Here is everything in my /var/log/openldap.log (just cleared it and logged in with the same user)

Sep 25 07:54:32 serv slapd[2095]: @(#) $OpenLDAP: slapd 2.4.15 (Mar 19 2009 10:08:25) $ ^Ibuildd@palmer:/build/buildd/openldap-2.4.15/debian/build/servers/slapd
Sep 25 07:54:37 serv slapd[2194]: slapd starting
Sep 25 07:54:51 serv slapd[2194]: conn=0 fd=15 ACCEPT from IP=127.0.0.1:58819 (IP=0.0.0.0:389)
Sep 25 07:54:51 serv slapd[2194]: conn=0 op=0 BIND dn="cn=vmail,dc=core,dc=local" method=128
Sep 25 07:54:51 serv slapd[2194]: conn=0 op=0 BIND dn="cn=vmail,dc=core,dc=local" mech=SIMPLE ssf=0
Sep 25 07:54:51 serv slapd[2194]: conn=0 op=0 RESULT tag=97 err=0 text=
Sep 25 07:55:53 serv slapd[2194]: conn=1 fd=16 ACCEPT from IP=[::1]:50396 (IP=[::]:389)
Sep 25 07:55:53 serv slapd[2194]: conn=1 op=0 BIND dn="cn=vmail,dc=core,dc=local" method=128
Sep 25 07:55:53 serv slapd[2194]: conn=1 op=0 RESULT tag=97 err=49 text=
Sep 25 07:56:05 serv slapd[2194]: conn=1 fd=16 closed (connection lost)

13

Re: Which FTP server do you use for virtual domain/user hosting?

lmthong wrote:

Sep 25 07:55:53 serv slapd[2194]: conn=1 op=0 BIND dn="cn=vmail,dc=core,dc=local" method=128
Sep 25 07:55:53 serv slapd[2194]: conn=1 op=0 RESULT tag=97 err=49 text=

It seems bind dn or password are incorrect (err=49).
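The diagnosis above comes from reading slapd's `loglevel 256` output by hand. As an added example (not part of the original posts), this pairs each BIND request with its RESULT per slapd PID and connection, and reports the peer address of every `err=49` (invalidCredentials). The sample lines are copied from the log posted in this thread; the function names are illustrative.

```python
import re

# Lines copied from the openldap.log posted in this thread.
SAMPLE_LOG = """\
Sep 25 07:54:37 serv slapd[2194]: slapd starting
Sep 25 07:54:51 serv slapd[2194]: conn=0 fd=15 ACCEPT from IP=127.0.0.1:58819 (IP=0.0.0.0:389)
Sep 25 07:54:51 serv slapd[2194]: conn=0 op=0 BIND dn="cn=vmail,dc=core,dc=local" method=128
Sep 25 07:54:51 serv slapd[2194]: conn=0 op=0 BIND dn="cn=vmail,dc=core,dc=local" mech=SIMPLE ssf=0
Sep 25 07:54:51 serv slapd[2194]: conn=0 op=0 RESULT tag=97 err=0 text=
Sep 25 07:55:53 serv slapd[2194]: conn=1 fd=16 ACCEPT from IP=[::1]:50396 (IP=[::]:389)
Sep 25 07:55:53 serv slapd[2194]: conn=1 op=0 BIND dn="cn=vmail,dc=core,dc=local" method=128
Sep 25 07:55:53 serv slapd[2194]: conn=1 op=0 RESULT tag=97 err=49 text=
"""

LINE = re.compile(r'^(\w{3}\s+\d+ [\d:]{8}) \S+ slapd\[(\d+)\]: conn=(\d+) (.*)$')
ACCEPT = re.compile(r'^fd=\d+ ACCEPT from IP=(\S+)')
BIND = re.compile(r'^op=(\d+) BIND dn="([^"]*)" method=\d+')   # request line only
RESULT = re.compile(r'^op=(\d+) RESULT tag=97 err=(\d+)')      # tag=97 is a bind response

def bind_results(log_text):
    """Return one record per completed bind: time, peer, dn, err."""
    peers, pending, out = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, pid, conn, rest = m.groups()
        key = (pid, conn)          # conn numbers restart with every slapd PID
        if (a := ACCEPT.match(rest)):
            peers[key] = a.group(1)
        elif (b := BIND.match(rest)):
            pending[key + (b.group(1),)] = b.group(2)
        elif (r := RESULT.match(rest)):
            dn = pending.pop(key + (r.group(1),), None)
            if dn is not None:
                out.append({"time": ts, "peer": peers.get(key),
                            "dn": dn, "err": int(r.group(2))})
    return out

def failed_binds(log_text):
    """Binds rejected with LDAP result code 49 (invalidCredentials)."""
    return [r for r in bind_results(log_text) if r["err"] == 49]

if __name__ == "__main__":
    for r in failed_binds(SAMPLE_LOG):
        print(f'{r["time"]} err=49 dn={r["dn"]} from {r["peer"]}')
```

In this log the same DN binds successfully from one peer and is rejected from another, which points at the credential the failing client sends rather than at the directory entry.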

14

Re: Which FTP server do you use for virtual domain/user hosting?

I can use the dn and pw to log in to phpldapadmin and find all objects, so it is right.
I did compile another pure-ftpd-ldap but it made no difference.

I think the problem comes from another service (I removed AppArmor already). I'll search in the Ubuntu area for it and discuss later.

Thanks.

15

Re: Which FTP server do you use for virtual domain/user hosting?

Maybe there's some error in user authentication, such as a PAM module or something else.

16 (edited by lmthong 2009-09-30 16:54:36)

Re: Which FTP server do you use for virtual domain/user hosting?

follow this page http://linux.derkeiler.com/Mailing-List … 02944.html

1. Syntax error in attributetype description
The attributetype description 'FTPStatus' in the pureftpd.schema that ships
with 1.0.21-11ubuntu1 has a syntax error. The word "SYNTAX" is there twice and
should only be there once:

attributetype ( 1.3.6.1.4.1.6981.11.3.7 NAME 'FTPStatus'
DESC 'Account status: enabled or disabled'
EQUALITY booleanMatch
SYNTAX SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
^^^^^^
The typo invalidates the schema and slapd won't start.

2. Setting either FTPStatus TRUE or FALSE always disables logins. The Syntax rule for FTPStatus only allows to set TRUE or FALSE. pure-ftpd however expects either "enabled" or "disabled". If FTPStatus is present and neither "enabled" or "disabled" are given, pure-ftpd always assumes "disabled", which effectively disables logins if the Admin sets FTPStatus =TRUE as required by the SYNTAX definition.
Patrick Koetter

I'll try first

....
....

No, it has no effect! Sorry

17

Re: Which FTP server do you use for virtual domain/user hosting?

I have done it on Ubuntu 9.04 and had no problem.

I think your problem is

LDAPDefaultUID 1001   
LDAPDefaultGID 1001 

the vmail  uid and gid is 1000

check the /etc/passwd

18 (edited by lmthong 2009-10-02 17:14:53)

Re: Which FTP server do you use for virtual domain/user hosting?

shake wrote:

I have done it on Ubuntu 9.04 and had no problem.

I think your problem is

LDAPDefaultUID 1001   
LDAPDefaultGID 1001 

the vmail  uid and gid is 1000

check the /etc/passwd

Here is mine

lmthong:x:1000:1000:lmthong,,,:/home/lmthong:/bin/bash #<-- My Ubuntu First Users
vboxadd:x:106:1::/var/run/vboxadd:/bin/false
bind:x:107:113::/var/cache/bind:/bin/false
dhcpd:x:108:114::/var/run:/bin/false
mysql:x:109:115:MySQL Server,,,:/var/lib/mysql:/bin/false
openldap:x:110:116:OpenLDAP Server Account,,,:/var/lib/ldap:/bin/false
postfix:x:111:118::/var/spool/postfix:/bin/false
clamav:x:112:120::/var/lib/clamav:/bin/false
dovecot:x:113:121:Dovecot mail server,,,:/usr/lib/dovecot:/bin/false
amavis:x:114:122:AMaViS system user,,,:/var/lib/amavis:/bin/sh
vmail:x:1001:1001::/var/vmail:/sbin/nologin
policyd:x:1002:1002::/home/policyd:/sbin/nologin

But in /etc/shadow

vmail:!:14518:0:99999:7:::

Do I have to enable the vmail account (its password is currently disabled)?

19

Re: Which FTP server do you use for virtual domain/user hosting?

The pure-ftp schema has a problem. You can download it from iRedMail:

wget http://iredmail.googlecode.com/hg/extra/pureftpd.schema

Maybe you can email me at shake.chen@gmail.com and I will let you access my test server. It is Ubuntu 9.04 with iRedMail and pureftp installed.

20

Re: Which FTP server do you use for virtual domain/user hosting?

Solved!

I'm not sure if it's a problem of pure-ftpd-ldap (Ubuntu package). You cannot write any comment after a directive, like this

LDAPDefaultUID 1001      # <- UID of 'vmail' user, in file /etc/passwd

The # <- UID of 'vmail' user, in file /etc/passwd shouldn't be there.

I'm going to become an assmin after this.

Thanks for all.
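A check for the mistake that resolved this thread, as an added example that is not part of the original posts: it flags every directive in a pure-ftpd LDAP config that carries a trailing `#` comment and can emit a cleaned copy. The sample is constructed from the ldap.conf posted above with the password replaced by a placeholder; treating whitespace followed by `#` as a comment is a heuristic, so a password that really contains " #" needs manual review.

```python
import re

# Constructed sample modelled on the ldap.conf posted in this thread;
# the bind password is a placeholder.
SAMPLE_CONF = """\
LDAPServer localhost
LDAPPort 389
LDAPBindDN cn=vmail,dc=core,dc=local
LDAPBindPW PLACEHOLDER_PASSWORD #cn=vmail password
LDAPDefaultUID 1001      # <- UID of 'vmail' user, in file /etc/passwd
LDAPHomeDir FTPHomeDir  #
LDAPVersion 3
# a full-line comment is left alone
"""

# group 1: directive name and value, group 2: name, group 3: trailing comment
DIRECTIVE = re.compile(r'^(\s*(\w+)\s+\S.*?)(\s+#.*)?\s*$')

def lint(conf_text):
    """Return (line number, directive) for each line with an inline comment.

    Values are deliberately not returned, so a bind password never ends
    up in the lint output.
    """
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(raw)   # full-line comments and blanks do not match
        if m and m.group(3):
            findings.append((lineno, m.group(2)))
    return findings

def strip_inline_comments(conf_text):
    """Return the config with trailing comments removed from directives."""
    lines = []
    for raw in conf_text.splitlines():
        m = DIRECTIVE.match(raw)
        lines.append(m.group(1) if m and m.group(3) else raw)
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for lineno, name in lint(SAMPLE_CONF):
        print(f"line {lineno}: {name} has a trailing comment")
```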